pdent1
-
Posts
29 -
Joined
-
Last visited
Never
Everything posted by pdent1
-
any ideas?
-
ya i made it clear for who it was not to do it again or else he will be banned. I now added to call the username if there is one when the cronjob is accessed and mail the Username to me. I have enough members if someone gets ****ed off tho they could just do it from not being logged in just by going to site.com/cron.php...so I'm just trying to limit who has the ability to do it(Server mostly) Because currently I switched it over to moderator based. So that only select moderators can do it. But i'd like it automated cause I have a big trust issue when it deals with a website dealing with other peoples money and want to be as secure as possible. So far it seems all the cronjobs comes from 1 IP address ( Have it $_get the server IP and then echo it so it shows in an email to myself). Would the IP address IF statement work fine is all I need to know. If the IP changes I can just set the if statement that if IP does not match ip to say there was an error then I can run the cron job myself.
-
I run cronjobs on my website. After one of my visitors got curious and tinkered around he realized he could reset my cron jobs...woohoo.... Is there a way to get information from the server to make sure it is who it is? I have my idea below but I would like to know if there was another more secure way of doing this or if my way is fine. Since I also automaticly updating incoming CPA Leads and Paypal IPN the same way as my cronjobs. Paypal IPN does have to make sure there 'account balance' has money through Database so they can't just go throwing money at themselves..Luckily I had thought of that before the visitor went tinkering. I basicly figured something like if i ran a cronjob and my server ip was 1.1.1.1 and the cronjob sent to http://site.com/cron.php?id=admin22113 coding would be as followed: $id=$_GET["id"]; $ip=@$REMOTE_ADDR; if ($ip==1.1.1.1){ if ($id="admin22113"){ DoFunctions(CronJobs) } } the $id(admin22113) I put as a secondary security measure. Say my own personal passcode to check if its there to say its me. Only problem with this is my CPA Company IP changes and doesn't do "passcodes". I have to use Get functions to receive data through server so this is a little harder for a visitor to call. If there are any other possible ways please help me out.
-
what do you mean echo anything. There is no php in that code so nothing is echoed. Worked fine with me? Tell me what it does for you and what your need I might have changed your submit so check it out I don't know your submit page so I don't know how the 3 tables are submitted.
-
if you are happy and it works click solved at bottom left If not I can adjust it to make you happy
-
# Apache HTTP Server: 2.2.6 # MySQL Database: 5.0.45 # PHP Processor: 5.2.4 I was banned from the server for "hacking" so I don't know if it actually WORKED for him nothing was changed in my database or my pages. But when i re-uploaded my files to my new servers I ran it on myself and I got access.
-
well now i have the php_admin_flag off on all uploaded folders, if a file is uploaded with .php in the filename instead of replacing the .php string, it just deni's the whole file, plus the mime so maybe I can make them work harder for what they want next time
-
<head> <script type="text/JavaScript"> function show(id) { if (document.getElementById(id).style.display == 'none') { document.getElementById(id).style.display = ''; } } function hide(id) { document.getElementById(id).style.display = 'none'; } </script> </head> <body> <table cellspacing=1 cols=3 border=0> <tbody> <tr valign=top align=left> <td width=202><font style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial Narrow'"><b> <div class="form"> <ul> <form name="auto1" method="post" action="submit.php" onsubmit="return Validate();"> <li><H2>Vehicle Information</H2></li> <li><div id='auto1_errorloc' class='error_strings'></li> <li>Vehicle 1</li> <li> <label for="make">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> <li> </b></font></td> <td width=21> </td> <td width=481> <font style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial Narrow'"> Cars2</font> <input type="radio" name="cars" value="cars2" onfocus="hide('cars3');show('cars2');return true;" id="cars2" /> <font style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial Narrow'">Cars3</font> <input type="radio" name="cars" value="cars3" onfocus="show('cars2');show('cars3');return true;" id="cars3" /> </td> </tr> </tbody> </table> <br> <table id="cars2" style="display:none;" cols=1 cellpadding=2> <tbody> <tr valign=top align=left> <td width=699><li>Vehicle 2</li> <li> <label for="make2">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model2">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color2">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate2">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> </font> </p> </td> </tr> </tbody> </table> <table id="cars3" style="display:none;" cols=1 cellpadding=2> <tbody> <tr valign=top align=left> <td width=698> <li>Vehicle 3</li> <li> <label for="make3">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model3">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color3">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate3">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> </font> </p> </td> </tr> </tbody> </table> <li> <button type="reset" value="Reset">Reset</button> <button type="submit" value="Submit">Step 2</button> </li> </ul> </form> </body> working needs sprucing but hey its what you asked for didn't test submitting with it and all that last error i left in the <?PHP and it can be ran as a .html .php since there is no php
-
matt counting to line 89 let me get there and i'll fix it.
-
i would put <Directory "/var/www/html/photos"> php_admin_flag engine off </Directory> in my .htaccess in lets say public_html/site.com/.htaccess corrrect?
-
<head> <script type="text/JavaScript"> <!-- function show(id) { if (document.getElementById(id).style.display == 'none') { document.getElementById(id).style.display = ''; } } //--> <!-- function hide(id) { document.getElementById(id).style.display = 'none'; } </script> </head> </head> <div class="form"> <ul> <form name="auto1" method="post" action="submit.php" onsubmit="return Validate();"> <li><H2>Vehicle Information</H2></li> <li><div id='auto1_errorloc' class='error_strings'></li> <li>Vehicle 1</li> <li> <label for="make">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> <li> <font style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial Narrow'">2 Cars</font> <input type="radio" name="cars" value="cars2" onfocus="show('car2Tbl');return true;" id="cars2" /> <font style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial Narrow'">3 Cars</font> <input type="radio" name="cars" value="cars3" onfocus="show('car2Tbl');show('car3Tbl');return true;" id="cars3" /> <?PHP <li>Vehicle 2</li> <li> <label for="make">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate">Plate #</label> <input type="text" name="plate" maxlength="7"> </li>"; <table id="car2Tbl" style="display:none;" cols=1 cellpadding=2> <li>Vehicle 2</li> <li> <label for="make2">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model2">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color2">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate2">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> </table> <table id="car3Tbl" style="display:none;" cols=1 cellpadding=2> <li>Vehicle 3</li> <li> <label for="make3">Make</label> <input type="text" name="make" maxlength="20"> </li> <label for="model3">Model</label> <input type="text" name="model" maxlength="20"> </li> <label for="color3">Color</label> <input type="text" name="color" maxlength="10"> </li> <label for="plate3">Plate #</label> <input type="text" name="plate" maxlength="7"> </li> </table> "; else ??? ?> <li> <button type="reset" value="Reset">Reset</button> <button type="submit" value="Submit">Step 2</button> </li> </ul> </form> Tell me if this works for you Also if you want me to do it in php just so you can see and learn from it I'll be glad to do that. Error increases brain mass
-
well then you should get a faster connection code for this is short well then you do it in javascript EH I'll just do it in javascript and stop whining.
-
*THIS IS AFTER $_GET $carz=$_GET("Cars") If ($carz=="cars2"){ $carz1 = checked } If ($carz=="cars3"){ $carz2 = checked } <input type="radio" name="cars" value="cars2" <? echo $carz1 ?> <? onclick="window.location='http://www.yourpage.com/page?Cars=2';" /> <input type="radio" name="cars" value="cars3" <? echo $carz2 ?> onclick="window.location='http://www.yourpage.com/page?Cars=3';" /> no because your buttons have already been processed when pageloads..Give me one sec to edit your script with this script and add all the form values and I'll test it and post here when I finished
-
well ya you could still pass it as a link and use ?name=$name&address=$address and use at header $name= $_GET on form names, like name address so it passes then set name and address value= $name,$address most likely the inputs will be blank when the page is first loaded
-
well you could do it to reload page when check of box 2 or 3 and then $cars= $_GET["Cars"] and reload with if $cars= "2"{ Show box 2 and end after box two if $cars= "3" put that move cars=2 and then after box2 add a box 3 and end if at box 3. only way it can be done in php that i know of. I use this to move my shoutbox around my website between all 4 corners
-
i said to use that copy mad techie at page one anyways the mime code does seem to work it checks the file type...but to be one the safe side I am thinking doing the str_replace on .php just so I KNOW it won't happen, and ya PFMaB I googled the header to the 'backdoor hack' that was on my site and came up with hundreds of finds of hacked sites. Most were using JOOMLA(I believe that's what it is called) or that's what they were blaming it on. I hosted adult movies he just uploaded it as a movie can also be uploaded as a picture, mp3, flash or anything else that shows directly to your website as a php script you host. http://www.google.com/search?q=Rajoul_mok+was+here&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
-
got it just had to add more mimes Thank you all! .php.wmv .php.flv everything is redirected and not uploaded. Everything else is uploaded. redarrow thanks for all your help and stickin with me.
-
<? include 'config/connection.php'; $user_id = $_SESSION['userid']; $sucess = $_REQUEST['sucess']; $linkname = $_REQUEST['linkname']; $desc = $_REQUEST['desc']; $category = $_REQUEST['category']; if(isset($_REQUEST['Submit'])) { if ($_FILES['imagefile']['type'] == "image/bmp" || $_FILES['imagefile']['type'] == "image/gif" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg" || $_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/tiff" || $_FILES['imagefile']['type'] == "image/x-tiff" || $_FILES['imagefile']['type'] == "image/x-windows-bmp"){ $img1 = $_FILES['imagefile']['name']; $ok = '0'; }else{ $ok = '1'; $img1 = ''; } $img1 = $_FILES['imagefile']['name']; if($img1!='') { $uniq=uniqid($uniq); $img1=$uniq.$img1; $uploadfiles = $path.$img1; move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles); } if ($_FILES['videofile']['type'] == "video/mpeg" || $_FILES['videofile']['type'] == "video/quicktime" || $_FILES['videofile']['type'] == "video/x-msvideo" || $_FILES['videofile']['type'] == "video/avi" || $_FILES['videofile']['type'] == "video/mpeg" || $_FILES['videofile']['type'] == "video/msvideo" || $_FILES['videofile']['type'] == "video/quicktime" || $_FILES['videofile']['type'] == "video/quicktime" || $_FILES['videofile']['type'] == "video/x-mpeg" || $_FILES['videofile']['type'] == "video/x-ms-asf" || $_FILES['videofile']['type'] == "video/x-ms-asf-plugin" || $_FILES['videofile']['type'] == "video/x-msvideo"){ $video1 = $_FILES['videofile']['name']; $ok1 = '0'; }else{ $video1 = ''; $ok1 = '1'; echo "You may only upload files in video format."; } if($video1!='') { $uniq1=uniqid($uniq1); $video1=$uniq1.$video1; $uploadfiles = $path1.$video1; move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles); } IF ($ok == '1' || $ok1 == '1'){ $sucess = 2; if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-video-1.html"; } else { $page_name = $web_path."submit_video.php?sucess=2"; } }else{ $user_link=$Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`) VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')"); $sucess = 1; if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-video-1.html"; } else { $page_name = $web_path."submit_video.php?sucess=1"; } } echo "<script>window.location='$page_name';</script>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script> function check() { if(document.form1.category.value=="") { alert("Enter category"); document.form1.category.focus(); return false; } if(document.form1.linkname.value=="") { alert("Enter linkname"); document.form1.linkname.focus(); return false; } if(document.form1.imagefile.value=="") { alert("Enter imagefile"); document.form1.imagefile.focus(); return false; } if(document.form1.videofile.value=="") { alert("Enter videofile "); document.form1.videofile.focus(); return false; } if(document.form1.desc.value=="") { alert("Enter Description "); document.form1.desc.focus(); return false; } } </script> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title> <meta name="description" content="<? echo $generalsettings['description'];?>"> <meta name="keywords" content="<? echo $generalsettings['keyword'];?>" /> <link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" /> <link rel="stylesheet" href="tooltip/style.css" type="text/css"> </head> <body class="Main" > <table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <? include_once $pro_path."/header.php";?> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td> <td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr><td height="5" colspan="2"></td></tr> <tr> <td align="center" colspan="2"><table width="96%" border="0"> <tr> <td align="center" class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?> <? echo $ads['index_page']; ?></td> </tr> </table></td> </tr> <tr><td height="5" colspan="2"></td></tr> <? if($sucess==2) { ?> <tr> <td align="center" class="redtext" colspan="2"><? echo "Incorrect Video or Image Format...." ?></td> </tr> <? } ?> <? if($sucess==1) { ?> <tr> <td align="center" class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td> </tr> <? } ?> <tr> <td colspan="2"> </td> </tr> <tr> <td align="right" colspan="2" class="main_title"><? if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-link.html"; } else { $page_name = $web_path."submit_userlink.php"; } ?> <a href="<? echo $page_name?>" class="toplink"> Add Porn Link </a> </td> </tr> <tr> <td colspan="2" class="main_title"> <strong>Submit Your Video Link Here</strong></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Select Category: </strong></td> <td valign="top" class=""><? $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'"; $rs=$Q($qu); ?> <select name="category" class="blacktext" > <option>Choose Category</option> <? while($dis=$F($rs)) { ?> <option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option> <? } ?> </select></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" width="32%" valign="top"> <strong>Title : </strong></td> <td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Upload Image: </strong></td> <td valign="top" class=""><input type="file" name="imagefile" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Upload Video: </strong></td> <td valign="top" class=""><input type="file" name="videofile" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Description:</strong></td> <td valign="top"><label> <textarea name="desc" cols="40" rows="10"></textarea> </label></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns" onclick="javascript:return check();" /></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> </table> </form></td> </tr> <tr> <td> </td> </tr> </table></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td> </tr> </table> </td> <td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td> </tr> </table></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td> </tr> </table></td> </tr> <? include_once "$pro_path/footer.php";?> </table></td></tr></table> </body> </html> wow i see tons of errors now let me update and i will edit again
-
so use f ((($_FILES["file"]["type"] == "video/mpeg") || ($_FILES["file"]["type"] == "video/quicktime") || ($_FILES["file"]["type"] == "video/x-msvideo")){ $img1 = $_FILES['imagefile']['name']; }else{ echo "Please submit a valid video format"; } but do every video/ type correct? just making sure I get it right this time
-
$file= "index.php.jpg"; $file2=".php"; $file3= str_replace("$file2", "", "$file"); is correct?
-
do what? SO i guess before $img1 = $_FILES['imagefile']['name']; I would put if ((($_FILES["file"]["type"] == "video/mpeg") || ($_FILES["file"]["type"] == "video/quicktime") || ($_FILES["file"]["type"] == "video/x-msvideo")){ $img1 = $_FILES['imagefile']['name']; }else{ echo "Please submit a valid video format"; } and so on...? Couldn't this still accept a .php.flv file since it would read it as a .flv? also PFMaBiSmAd The file could still be uploaded but if it was not .php.flv and it was just .flv it would have not been ran as a .php page it would have opened a video box and just errored. I have a copy of the backdoor that was ran and have been testing by uploading it to the server to see if I could run it before someone else does.
-
<? include 'config/connection.php'; $user_id = $_SESSION['userid']; $sucess = $_REQUEST['sucess']; $linkname = $_REQUEST['linkname']; $desc = $_REQUEST['desc']; $category = $_REQUEST['category']; if(isset($_REQUEST['Submit'])) { $img1 = $_FILES['imagefile']['name']; if($img1!='') { $uniq=uniqid($uniq); $img1=$uniq.$img1; $uploadfiles = $path.$img1; move_uploaded_file($_FILES['imagefile']['tmp_name'],$uploadfiles); } $video1 = $_FILES['videofile']['name']; if($video1!='') { $uniq1=uniqid($uniq1); $video1=$uniq1.$video1; $uploadfiles = $path1.$video1; move_uploaded_file($_FILES['videofile']['tmp_name'],$uploadfiles); } $user_link=$Q("INSERT INTO `video_links` (`user`,`name`,`picture`,`video`,`desc`,`date`,`time`,`status`,`category`) VALUES('$user_id','$linkname','$img1','$video1','$desc','$date','$time','1','$category')"); $sucess = 1; if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-video-1.html"; } else { $page_name = $web_path."submit_video.php?sucess=1"; } echo "<script>window.location='$page_name';</script>"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <script> function check() { if(document.form1.category.value=="") { alert("Enter category"); document.form1.category.focus(); return false; } if(document.form1.linkname.value=="") { alert("Enter linkname"); document.form1.linkname.focus(); return false; } if(document.form1.imagefile.value=="") { alert("Enter imagefile"); document.form1.imagefile.focus(); return false; } if(document.form1.videofile.value=="") { alert("Enter videofile "); document.form1.videofile.focus(); return false; } if(document.form1.desc.value=="") { alert("Enter Description "); document.form1.desc.focus(); return false; } } </script> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title><? echo $generalsettings['site_name'];?>-<? echo $generalsettings['title'];?></title> <meta name="description" content="<? echo $generalsettings['description'];?>"> <meta name="keywords" content="<? echo $generalsettings['keyword'];?>" /> <link href="<? echo $pro_path; ?><? echo $theme_path; ?>css/style.css" rel="stylesheet" /> <link rel="stylesheet" href="tooltip/style.css" type="text/css"> </head> <body class="Main" > <table width="989" border="0" cellspacing="0" cellpadding="0" class="tablecontent" align="center"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/top bar.jpg" width="989" height="42"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <? include_once $pro_path."/header.php";?> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-middle.jpg" width="989" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td width="20%" align="center" valign="top"><? include_once $pro_path."/left.php";?></td> <td valign="top" width="60%"><table width="100%" border="0" cellspacing="0" cellpadding="0" class="tablecontent"> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/tab_submit_videos.jpg" width="591" height="40" style="background-repeat:no-repeat"></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-middle.jpg" width="591" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td><form action="" method="post" enctype="multipart/form-data" name="form1" id="form1"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr><td height="5" colspan="2"></td></tr> <tr> <td align="center" colspan="2"><table width="96%" border="0"> <tr> <td align="center" class="body_ads"><? $ads=$F($Q("select `index_page` from `ads` ")); ?> <? echo $ads['index_page']; ?></td> </tr> </table></td> </tr> <tr><td height="5" colspan="2"></td></tr> <? if($sucess==1) { ?> <tr> <td align="center" class="redtext" colspan="2"><? echo "Added Sucessfully...." ?></td> </tr> <? } ?> <tr> <td colspan="2"> </td> </tr> <tr> <td align="right" colspan="2" class="main_title"><? if($_SESSION['mod_rewrite']==1) { $page_name = $web_path."submit-user-link.html"; } else { $page_name = $web_path."submit_userlink.php"; } ?> <a href="<? echo $page_name?>" class="toplink"> Add Porn Link </a> </td> </tr> <tr> <td colspan="2" class="main_title"> <strong>Submit Your Video Link Here</strong></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Select Category: </strong></td> <td valign="top" class=""><? $qu="SELECT `id`,`name` FROM `video_category` WHERE `status` = '1'"; $rs=$Q($qu); ?> <select name="category" class="blacktext" > <option>Choose Category</option> <? while($dis=$F($rs)) { ?> <option value="<? echo $dis['id']?>"> <? echo $dis['name'];?></option> <? } ?> </select></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" width="32%" valign="top"> <strong>Title : </strong></td> <td width="68%" valign="top" class=""><input name="linkname" type="text" size="40" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Upload Image: </strong></td> <td valign="top" class=""><input type="file" name="imagefile" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Upload Video: </strong></td> <td valign="top" class=""><input type="file" name="videofile" /> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td class="main_title" valign="top"> <strong>Description:</strong></td> <td valign="top"><label> <textarea name="desc" cols="40" rows="10"></textarea> </label></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> <tr> <td colspan="2" align="center" valign="top" class=""><input type="submit" name="Submit" value="Submit" class="btns" onclick="javascript:return check();" /></td> </tr> <tr> <td colspan="2" valign="top" class=""> </td> </tr> </table> </form></td> </tr> <tr> <td> </td> </tr> </table></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/center-bottom.jpg" width="592" height="27" style="background-repeat:no-repeat"></td> </tr> </table> </td> <td width="20%" align="center" valign="top"><? include_once "$pro_path/right.php";?></td> </tr> </table></td> </tr> <tr> <td background="<? echo $pro_path; ?><? echo $theme_path; ?>images/bg-bottom.jpg" width="989" height="14"></td> </tr> </table></td> </tr> <? include_once "$pro_path/footer.php";?> </table></td></tr></table> </body> </html>
-
they were a member..anyway would $file= "index.php.jpg"; $file2=".php"; $file3= str_replace("$file2", "", "$file"); work? How do I stop extensions such as .php.gif/jpg? or would that code be easier since it would remove .php altogether. yes you are right redarrow I could make it where I have to confirm before being uploaded but with over 1000 uploads a day that'd be alot of work
-
I have user uploaded files on my server. Allowing videos photos and such. Yesterday I was banned from my hosting because of a hacking file. Once I recieved a copy of my files I noticed uploaded was a PHP.Backdoor It was labeled as Defacer.PHP.FLV. I have done alot of research and noticed it is always uploaded as .PHP.*** (jpg,mpg, and such) is there anyway to do a script to check if .PHP. is in the file and then end the upload to keep my site from being...well owned?
-
looks like they just upload the download to there sever files come from www17.furk.net. So you could just upload files to your host and then have a search through em...The gimmick looks like they make u get a premium account to be able to download a whole movie dunno what speeds there server is up/down Download BitTorrents over HTTP premium:yes free:no so it's probably slow... they still just link to torrents same as isohunt.com which links to piratebay and everything...there is a clone out now of youtorrent.com.. search rapidlibrary.com